Hi Lorne, I haven’t used the cPanel interface myself, but if you are able to add to your webserver configuration (httpd.conf), you can add a statement like the following:
SecRule REQUEST_HEADERS:User-Agent "(semrush|majestic|slurp)" \ "id:123456,phase:1,t:none,t:lowercase,block,tag:BOT,msg:'Bad bot blocked'" This will block any requests from someone with semrush, majestic or slurp in the User-Agent header. (The rule id must be unique, I’ve used 123456 as an example.) If you would prefer doing this from cPanel itself, it’s probably best to ask this on the cPanel forums. Good luck! WH > On 12 Mar 2016, at 16:21, Lorne Wanamaker <feld...@gmail.com> wrote: > > Hi All, > > Having some issues with the bots listed above hammering sites on my cpanel > server. Here is a sample: > > 2016-03-11 18:35:12.670 [INFO] [162.158.35.73:19363 > <http://162.158.35.73:19363/>] File not found > [/usr/local/apache/htdocs/show/dance-moms] > > There are 1000's of these a day simply searching for stuff that does not > exist. > > I do have oswap running on this server but I cannot find the way to block > these bots. In the plugin I see you can add blocked agents, but I am not sure > on the format to add to this box or if it is indeed the right place to add to > in order to block these bots. > > Thanks for any help! > > Regards, > Lorne > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set